2 The basics of COBIT® books

Originally designed for auditors to audit the IT organization, COBIT 5 (Control Objectives for Information and Related Technology) is about linking business goals to IT objectives (note the linkage here from vision to mission to goals to objectives). COBIT 5 (launched April 2012) provides metrics and maturity models to measure whether or not the IT organization has achieved its objectives. Additionally, COBIT identifies the associated responsibilities of the business process owners as well as those of the IT process owners.

3 Summary of COBIT® books

COBIT is owned and supported by ISACA. It was released in 1996; the current Version 5.0 (April 2012) brings together COBIT 4.1, Val IT 2.0 and Risk IT frameworks.

The COBIT 5 principles and enablers are generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector (Figures 1 and 2).

The process reference model defines and describes in detail a number of governance and management processes. It represents all the processes normally found in an organization relating to IT activities, thus providing a common reference model understandable to operational IT and business managers, and their auditors/advisors. The process reference model divides the IT processes of an organization into two domains: governance and management.

COBIT 5 provides a set of 36 governance and management processes within the framework.

The four management domains, in line with the responsibility areas of plan, build, run, and monitor (PBRM), provide end-to-end coverage of IT.
• Align, plan, and organize
• Build, acquire, and implement
• Deliver, service, and support
• Monitor, evaluate, and assess

A casual look at the four management domains of COBIT 5 rapidly illustrates its direct relationship with ITIL.
• The align, plan, and organize domain relates to the service strategy and design phases
• The build, acquire, and implement domain relates to the service transition phase
• The deliver, service, and support domain relates to the service operation phase
• And finally, the monitor, evaluate, and assess domain relates to the continual service improvement phase

All aspects of COBIT 5 are in line with the responsibility areas of plan, build, run and monitor. In other words, COBIT 5 follows the PDCA cycle of Plan, Do, Check, and Act. COBIT has been positioned at a high level, and has been aligned and harmonized with other, more detailed, IT standards and proven practices such as COSO, ITIL, ISO 27000, CMMI, TOGAF and PMBOK Guide. COBIT 5 acts as an integrator of these different guidance materials, summarising key objectives under one umbrella framework that links the proven practice models with governance and business requirements.

4 Target audience of COBIT® Books

Senior business management, senior IT management and auditors.

5 Scope and constraints of COBIT® books

COBIT provides an ‘umbrella’ framework for IT governance across the whole of an organization. It is mapped to other frameworks and standards to ensure its completeness of coverage of the IT management lifecycle and support its use in enterprises using multiple IT-related frameworks and standards.

Some strong points are:
• Value creation through effective governance and management of enterprise information and technology (IT) assets
• Business user satisfaction with IT engagement and services by enabling business objectives
• Compliance with relevant laws, regulations and policies

Constraints:
• Treating COBIT as a prescriptive standard when it should be interpreted as a generic framework to manage IT processes and internal controls. Key themes from COBIT must be tailored to the specific governance needs of the organization
• Lack of commitment from top management – without their leadership and support, the IT control framework will suffer and business alignment of IT risks will not happen
• Underestimating the cultural change – COBIT is not just about the technical aspects of IT. The organization needs to have a good understanding of the governance controls for the IT risks